Summary: Law firms are the protectors of sensitive information, so extra preventative measures must be taken to protect that data from damaging ransomware.
Law firms are becoming increasingly targeted by hackers because of the sensitive information they protect. They are the protectors of their clients’ trade secrets, corporate data and sensitive information on potential deals. Ransomware attacks are growing in frequency, with McAfee estimating that there were over 4 million ransomware versions in the second quarter of 2015. This is no surprise when big money can be made. The FBI says that the specific Cryptowall program collected over $18 million as of June 2015. Solo practitioners and small law firms may be targeted more because they generally lack the IT know-how to prevent or be prepared for such an attack. However, large law firms are not exempt from attacks just because they may have more procedures in place to protect their data. All firms need to make sure they are well-protected.
In June 2017, big law firm DLA Piper was crippled by the Petya ransomware attack. Read more about this attack here:
DLA Piper Is First Law Firm Hit by Global Ransomware Attack
What Is Ransomware?
Imagine having your computer hacked and all your information held hostage until you paid a ransom. The malevolent program limits the functionality of the victims’ computer. The program can completely disable your computer and encrypt files so you can’t read them, or the program can prevent things like Microsoft Word or internet browsers from working. The ransom amount will vary depending on who is behind the hacking scheme. Generally, it is around $500, but large law firms may experience much bigger demands. Hackers usually want the payment in the form of bitcoins, which are a digital form of currency that is harder to track. Possibly the worst part is there is no guarantee of receiving a decryption key once the ransom is paid. Some hackers take the payment and run, leaving your law firm in the same position they were in but with less money.
How Do You Get Infected with Ransomware?
The most common methods of unknowingly being infected by ransomware are by downloading it through an infected site, email or ad and by weaknesses in the computer. Once the ransomware is downloaded to your computer, usually a unique “key” decrypts your files. Many of them are designed brilliantly so that they are nearly impossible to combat. Luckily for you and your law firm, there are ways to work around ransomware so that you don’t have to pay the ransom.
How Can You Recover Your Files If You Get Infected?
The easiest way to rid your computer of a virus is to wipe everything clean and restore your systems to the most recent working backup. In order to do this you have to be backing up your files in another place frequently. There are numerous options out there that you can use to backup up your files and protect them. Weigh the difference in the outcome of spending a few minutes each day backing up data compared to not doing that and having to pay a lot of money to get your data back.
You should be backing up your data to a separate storage server/site daily. Do not keep your network connected to your backup source, because if you are attacked then they have access to everything. Preferably, the most sensitive information should be stored on private backup equipment with less sensitive data kept in the cloud. Conduct the file transfer during a time when the email system is used minimally. This reduces the risk of someone accidentally bringing a virus onto the network when the connection is open. Email access should be blocked entirely during the file transfer to get rid of the risk completely. Solo practitioners can rely on an external hard drive to back up their data.
Enlist the Help of Good Hackers
There are people out there that can out hack the ransomware. Send these good hackers your infected files so that they can determine if it is fixable. If the ransomware can be beat then they will give you the keys to do so, often free of charge. There is also the option of using file-accessing auditing to open files. The feature is built into Microsoft Windows and available through cloud-based programs that track each time a user opens a folder or file. Monitoring this activity gives the IT professionals at your law firm a way of tracking patterns of unauthorized use. Tracking the patterns lets you take action to stop a server or remove a file before the attack happens.
Prevent the Attacks before They Happen
The most effective way to prevent ransomware from attacking your computer is by avoiding the attack before it happens. This is done through technological and human processes. With technology, you can establish vigorous spam-filtering systems that block specific file types that commonly carry viruses from ever reaching your computer. Pop-up blockers and up to date antivirus software also help reduce the chances of being attacked. Not sure which antivirus software your firm should use? AV-Test.org, an independent IT security institute, lists Bitdefender Endpoint Security, Kaspersky Lab Small Office Security, and Symantec Endpoint Protection as the three top antivirus options for Windows 10 client business users.
Another way to protect yourself is to keep your data in the cloud instead of on a hard drive to add another level of protection, assuming you use a secure cloud source. Doing this allows a laptop or individual computer to become infected, but keeps everything in the cloud safe. Not sure what you should use for your cloud backup solution? According to Tom’s IT Pro, the top 5 online backup options for businesses are: Amazon S3, Backblaze B2 Cloud Storage, Code 42 CrashPlan, Microsoft Azure, and OpenDrive for Business.
Utilize IT and security professionals to ensure that all access levels are secure and only a few authorized users have advanced privileges. If ransomware gains access to a computer, they can gain access to every program that user potentially uses. By limiting what users can access to only the things they absolutely need access to, the risk of everything being taken by a ransomware virus is reduced. Critical files and systems can be protected from more attack occurrences.
Educating your attorneys and staff on the dangers of ransomware with updates and training will help prevent them from doing things that will place the law firm’s data at risk. Raise awareness on what ransomware is, how it attacks, and how to prevent it through meetings and trainings. Tell your employees not to open emails or files unless they are certain of the sender and not to give any private information away. Prevention also includes not going to webpages that are insecure and downloading things from those pages. If an email looks suspicious, send it to your IT professional to check out and scan it with your antivirus software.
See the following articles for more information: